Sneak Attack: Android Apps Can Spy on Each Other

Modern operating systems "sandbox" apps so that they can't affect each other — in theory. Yet three researchers have shown that, at least in Android, one app can "spy" on another and then, at just the right moment, interfere with the targeted app's user display in order to steal passwords, credit-card numbers or even sensitive photos.

In this way, the researchers were able to steal login credentials from the Gmail app, a Social Security number from the H&R Block app, a credit-card number from the NewEgg app and a bank-check image from the Chase app. Only the Amazon app proved resistant, though not immune.

"The assumption has always been that these apps can't interfere with each other easily," researcher Zhiyun Qian of NEC Laboratories America told Phys.org. "One app can in fact significantly impact another and result in harmful consequences for the user."